Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
with --allow-insecure-crypto, additionally attempt to disable insecur…
…e systemwide minimum crypto settings Because openconnect_set_allow_insecure_crypto() now does more than just attempt to reenable 3DES and ARC4, its failure to enable those ciphers should not be treated as fatal, but merely a warning. Setting the appropriate environment variable (GNUTLS_SYSTEM_PRIORITY_FILE or OPENSSL_CONF) to `/dev/null` *before* crypto library initialization should ensure that a systemwide crypto configuration file doesn't set a minimum crypto requirement which would override the user choice. See https://gitlab.com/openconnect/openconnect/-/issues/211#note_482161646 for discussion of GnuTLS settings, and https://www.openssl.org/docs/man1.1.1/man5/config.html for OpenSSL. FIXME: OpenSSL implementation needs library reinitialization. Signed-off-by: Daniel Lenski <dlenski@gmail.com>
- Loading branch information
Showing
6 changed files
with
50 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters